Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack
发表信息
作者
- Charles Rackoff
- Daniel R Simon
笔记
The zero-knowledge proof of knowledge, first defined by Fiat, Fiege and Shamir, was used by Galil, Haber and Yung as a means of constructing (out of a trapdoor function) an interactive public-key cryptosystem provably secure against chosen ciphertext attack. We introduce a revised setting which permits the definition of a non-interactive analogue, the non-interactive zero-knowledge proof of knowledge, and show how it may be constructed in that setting from a non-interactive zero-knowledge proof system for N P (of the type introduced by Blum, Feldman and Micali). We give a formalization of chosen ciphertext attack in our model which is stronger than the “lunchtime attack” considered by Naor and Yung, and prove a non-interactive public-key cryptosystem based on non-interactive zero-knowledge proof of knowledge to be secure against it.
零知识知识证明(zero-knowledge proof of knowledge)最初由Fiat、Fiege和Shamir定义,后来被Galil、Haber和Yung用作构建一种可证明安全的、能抵御选择密文攻击的交互式公钥密码系统(其基于陷门函数)的手段。我们引入了一个修订的设定,该设定允许定义一个非交互式的类似物——非交互式零知识知识证明(non-interactive zero-knowledge proof of knowledge),并展示了如何在该设定下基于NP问题的非交互式零知识证明系统(由Blum、Feldman和Micali引入的类型)来构建它。我们在我们的模型中对选择密文攻击进行了形式化定义,这种定义比Naor和Yung考虑的”午餐时间攻击”(lunchtime attack)更为严格,并证明了基于非交互式零知识知识证明的非交互式公钥密码系统能够抵御这种攻击。